Linux - ServerThis forum is for the discussion of Linux Software used in a server related context.

Notices

Welcome to LinuxQuestions.org, a friendly and active Linux Community.

You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!

Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.

If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.

Having a problem logging in? Please visit this page to clear all LQ-related cookies.

Introduction to Linux - A Hands on Guide

This guide was created as an overview of the Linux Operating System, geared toward new users as an exploration tour and getting started guide, with exercises at the end of each chapter.
For more advanced trainees it can be a desktop reference, and a collection of the base knowledge needed to proceed with system and network administration. This book contains many real life examples derived from the author's experience as a Linux system and network administrator, trainer and consultant. They hope these examples will help you to get a better understanding of the Linux system and that you feel encouraged to try out things on your own.

This is driving me nuts! Anyway, have openldap running on a RH server working fine. I can query it via ldapsearch as well as running apache locally with phpLdapAdmin and can login, etc. so I know all is well.

Now the client part is driving me iNsAnE! I read 100 different articles all say different things so I have to say someone out here has it working! My test client Fedora, I run the system-config-authentication, select ldap and the proper info for both User and Authentication. Logout, login as my test ldap user (not on the local box) and nothing, nothing on the ldap server either.

The nss-ldap and ldap-conf files are updated correctly via the above config, so I need someone to throw some suggestions, ideas or something this way.

ok, well in general you need demarcation points... the getent tool lets you pull down the systems view of your passwd database, shadow, group and other things. if you do a "getent passwd" you'll see all possible users that the system recognises could log in to your system. you'll see the local data, the ldap data and any other user sources. that'll let you see what ldap data is being pulled back. it's quite possible that you're getting some data, but not all of it. when i was trying to get ldap connectivity to Active Directory, i had issues like i wasn't providing UID's from it... also a packet sniffer is (imho) a very useful tool. if you are not using ldaps then you can see if the server is actually giving you data back from a tool like wireshark. also the redhat tool itself is insufficient. you *should* need to bind with a real user account, not anonymously, something that the redhat tool doesn't even let you specify. use the tool for a base, then edit your /etc/ldap.conf to actually make it work.

ok, well since reading, I did update the ldap.conf with some connection info and see that it's failing so I am taking a step forward and back as I am getting errors in the client log file. Taking a step back, I am trying to understand who bind's to query. In the ldap, I have the admin (cn=admin, ou=employees,dc=company,dc=com). The question / problem here lies in the ldap.conf file because playing with that causes the errors;

There are 2 bind's, the 1st is a binddn the other rootbind, I assume either of them could bind as the admin above and I guess there should be another user who can bind w/o admin functionality, but for now, I just want this to work, then can tweak. If I use the above as either the binddn or rootbinddn and comment bindpw, in the messages file I get;
nss_ldapL failed to bind to LDAP server .... Invalid credentials (which is good)

If I uncomment the bindpw, save and re-issue the getent it runs through the local and hangs (wireshark locks up) and I must force quit.

So at least I get feedback, the admin password is encrypted so I am sure the bindpw has to show that, but how can I echo (for lack of a better term) that password in that format to put in the ldap.conf file?